Sign-up

ID

VAR-201308-0470


TITLE

Huawei B153 3G/UMTS Router Password Disclosure Access Bypass Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2013-11692

DESCRIPTION

Huawei B153 is a mobile access device. The Huawei B153 3G/UMTS router firmware version 1096.11.405.03.111sp02 supports the WPS protocol for user convenience. Huawei B153 3G / UMTS is a wireless router product from China's Huawei. An access bypass vulnerability exists in the Huawei B153 3G / UMTS router. An attacker could use this vulnerability to bypass specific security restrictions and perform unauthorized operations. There are vulnerabilities in Huawei B153 3G / UMTS 1096.11.405.03.111sp02 version running firmware, other versions may also be affected

Trust: 1.35

sources: CNVD: CNVD-2013-11692 // CNNVD: CNNVD-201308-081 // BID: 61616

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-11692

AFFECTED PRODUCTS

vendor:huaweimodel:b153 3g/umts routerscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2013-11692

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2013-11692
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2013-11692
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2013-11692

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-081

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201308-081

PATCH

title:Huawei B153 3G/UMTS Router Password Leak Access Access Vulnerability Patchurl:https://www.cnvd.org.cn/patchinfo/show/38063

Trust: 0.6

sources: CNVD: CNVD-2013-11692

EXTERNAL IDS

db:BIDid:61616

Trust: 1.5

db:CNVDid:CNVD-2013-11692

Trust: 0.6

db:CNNVDid:CNNVD-201308-081

Trust: 0.6

sources: CNVD: CNVD-2013-11692 // BID: 61616 // CNNVD: CNNVD-201308-081

REFERENCES

url:http://www.securityfocus.com/archive/1/527773

Trust: 0.6

url:http://www.securityfocus.com/bid/61616

Trust: 0.6

url:http://seclists.org/bugtraq/2013/aug/32

Trust: 0.3

url:http://www.huaweidevice.com.eg/product-description/mobile%20access%20devices-b153.php

Trust: 0.3

url:http://www.huaweidevice.com/worldwide/

Trust: 0.3

sources: CNVD: CNVD-2013-11692 // BID: 61616 // CNNVD: CNNVD-201308-081

CREDITS

Roberto Paleari and Alessandro Di Pinto

Trust: 0.9

sources: BID: 61616 // CNNVD: CNNVD-201308-081

SOURCES

db:CNVDid:CNVD-2013-11692
db:BIDid:61616
db:CNNVDid:CNNVD-201308-081

LAST UPDATE DATE

2022-05-17T01:46:35.509000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2013-11692date:2013-08-09T00:00:00
db:BIDid:61616date:2013-08-05T00:00:00
db:CNNVDid:CNNVD-201308-081date:2013-08-08T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2013-11692date:2013-08-07T00:00:00
db:BIDid:61616date:2013-08-05T00:00:00
db:CNNVDid:CNNVD-201308-081date:2013-08-08T00:00:00